[afnog] Fighting SPAM

Evelyn Namara evelyn.namara at hits-telecom.com
Fri Sep 5 11:15:22 UTC 2008


Hi Noah,

Could you please send through your main.cf or master.cf file - where you
configured your SpamAssassin?

Thank you

Maina Noah wrote:
> Dear all,
>
> I have this mail system that I just brought up for a client a couple of
> days ago.
> The MTA of choice was Postfix and Dovecot for IMAP/POP stuff. I also
> compiled SpamAssassin for handling spam on this system. The OS is
> Linux CentOS 5.
>
> However, the flow of junk and spam email to the users' Inbox is so huge.
>
> I have fine-tuned SpamAssassin to the best of my knowledge and it seems to
> work fine; however, I am not certain if it is really blocking spam
> emails at all.
> Some emails that come to the Inbox that are suspected to be spam email
> are appended with the word *SPAM*... but filtering and cleaning them is an
> issue too.
> The good thing is legitimate organizational emails are not regarded as
> spam, which is fine.
> Emails from the domain in question sent to Yahoo and Gmail tend to go
> to the Yahoo/Gmail spam folders of the recipients, instead of the Inbox.
>
> I am therefore looking for some solution/help to solve this problem.
> Does anyone know of another open-source alternative to SA, or maybe you
> can advise on how I can go about it with SpamAssassin?
>
> *See below the sample output of the /var/log/maillog file from the same server.*
>
> Sep  5 12:37:27 email dovecot: IMAP(ncy at ncy.or.tz): Connection closed: 
> Connection reset by peer bytes=62/177472
> Sep  5 12:37:35 email dovecot: imap-login: Login: 
> user=<hmakileo at ncy.or.tz>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, 
> secured
> Sep  5 12:37:35 email dovecot: IMAP(hmakileo at ncy.or.tz): Disconnected: 
> Logged out bytes=79/395
> Sep  5 12:37:55 email dovecot: imap-login: Login: 
> user=<ncy at ncy.or.tz>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
> Sep  5 12:37:55 email dovecot: IMAP(ncy at ncy.or.tz): Disconnected: 
> Logged out bytes=79/364
>
> Sep  5 12:38:03 email postfix/smtpd[9788]: connect from 
> unknown[210.181.218.253]
> Sep  5 12:38:05 email postfix/smtpd[9788]: NOQUEUE: reject: RCPT from 
> unknown[210.181.218.253]: 550 5.1.1 <amosha at ncy.or.tz>: Recipient 
> address rejected: User unknown in virtual mailbox table; 
> from=<djkeaveny at cainsfoods.com> to=<amosha at ncy.or.tz> proto=ESMTP 
> helo=<[210.181.218.253]>
> Sep  5 12:38:06 email postfix/smtpd[9788]: lost connection after DATA 
> from unknown[210.181.218.253]
> Sep  5 12:38:06 email postfix/smtpd[9788]: disconnect from 
> unknown[210.181.218.253]
> Sep  5 12:38:11 email postfix/smtpd[9788]: connect from 
> 85.64.63.156.dynamic.barak-online.net[85.64.63.156]
> Sep  5 12:38:16 email postfix/smtpd[9788]: C27412D780FE: 
> client=85.64.63.156.dynamic.barak-online.net[85.64.63.156]
>
> Sep  5 12:38:19 email postfix/cleanup[9796]: C27412D780FE: 
> message-id=<20080905093816.C27412D780FE at email.ncy.co.tz>
> Sep  5 12:38:19 email postfix/qmgr[2788]: C27412D780FE: 
> from=<nejohars_1995 at Rubys.com>, size=1326, nrcpt=1 (queue active)
> Sep  5 12:38:19 email spamd[2772]: spamd: connection from 
> email.ncy.co.tz [127.0.0.1] at port 60379
> */Sep  5 12:38:19 email spamd[2772]: spamd: setuid to spamd succeeded/*
> Sep  5 12:38:19 email spamd[2772]: spamd: processing message 
> <20080905093816.C27412D780FE at email.ncy.co.tz> for spamd:5001
> Sep  5 12:38:20 email postfix/smtpd[9788]: disconnect from 
> 85.64.63.156.dynamic.barak-online.net[85.64.63.156]
> */Sep  5 12:38:23 email spamd[2772]: spamd: identified spam (28.7/5.0) 
> for spamd:5001 in 3.5 seconds, 1290 bytes./*
> /*Sep  5 12:38:23 email spamd[2772]: spamd: result: Y 28 -*/
> Sep  5 12:38:23 email postfix/pickup[9480]: 6B2322D78105: uid=5001 
> from=<nejohars_1995 at Rubys.com>
> Sep  5 12:38:23 email postfix/pipe[9798]: C27412D780FE: 
> to=<tlemunge at ncy.or.tz>, relay=spamassassin, delay=7.6, 
> delays=4.1/0/0/3.5, dsn=2.0.0, status=sent (delivered via spamassassin 
> service)
> /*Sep  5 12:38:23 email postfix/qmgr[2788]: C27412D780FE: removed*/
> Sep  5 12:38:23 email postfix/cleanup[9796]: 6B2322D78105: 
> message-id=<20080905093816.C27412D780FE at email.ncy.co.tz>
> Sep  5 12:38:23 email postfix/cleanup[9796]: 6B2322D78105: discard: 
> header X-Spam-Level: **************************** from local; 
> from=<nejohars_1995 at Rubys.com> to=<tlemunge at ncy.or.tz>
> Sep  5 12:38:23 email spamd[2709]: prefork: child states: II
> HELO_DYNAMIC_IPADDR2,HELO_DYNAMIC_SPLIT_IP,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RCVD_NUMERIC_HELO,RDNS_DYNAMIC,TVD_RCVD_IP,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL 
> scantime=3.5,size=1290,user=spamd,uid=5001,required_score=5.0,rhost=email.ncy.co.tz,raddr=127.0.0.1,rport=60379,mid=<20080905093816.C27412D780FE at email.ncy.co.tz>,autolearn=spam
>
> I will be grateful for your responses.
>
> kind regards
>
> ./maina noah
>
>  
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
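
The maillog excerpt in the quoted message mixes two different outcomes: mail Postfix refused during the SMTP session (`NOQUEUE: reject`) and mail that spamd scored as spam but that was still handed on for delivery. The following is an added example, not part of the original thread, that tallies the two from spamd/Postfix log lines; the sample lines are constructed in the same format and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the maillog excerpt above
# (hostnames, addresses and message-ids are placeholders).
SAMPLE_LOG = """\
Sep  5 12:38:05 mail postfix/smtpd[9788]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<a@example.net> to=<nobody@example.org> proto=ESMTP helo=<[192.0.2.10]>
Sep  5 12:38:23 mail spamd[2772]: spamd: identified spam (28.7/5.0) for spamd:5001 in 3.5 seconds, 1290 bytes.
Sep  5 12:38:23 mail spamd[2772]: spamd: result: Y 28 - HTML_MESSAGE,RCVD_IN_PBL,RCVD_IN_XBL,URIBL_BLACK scantime=3.5,size=1290,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60379,mid=<m1@example.org>,autolearn=spam
Sep  5 12:40:02 mail spamd[2772]: spamd: clean message (1.2/5.0) for spamd:5001 in 0.9 seconds, 2210 bytes.
Sep  5 12:40:02 mail spamd[2772]: spamd: result: . 1 - HTML_MESSAGE scantime=0.9,size=2210,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60380,mid=<m2@example.org>,autolearn=no
Sep  5 12:41:10 mail spamd[2772]: spamd: identified spam (6.1/5.0) for spamd:5001 in 1.1 seconds, 900 bytes.
Sep  5 12:41:10 mail spamd[2772]: spamd: result: Y 6 - HTML_MESSAGE,RCVD_IN_PBL scantime=1.1,size=900,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=60381,mid=<m3@example.org>,autolearn=no
"""

VERDICT = re.compile(r"spamd: (identified spam|clean message) \((-?[\d.]+)/([\d.]+)\)")
RESULT = re.compile(r"spamd: result: ([Y.]) -?\d+ - (\S*) scantime=")
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: ")

def summarize(lines):
    """Tally what Postfix refused at SMTP time versus what spamd only tagged."""
    stats = {"rejected_at_smtp": 0, "tagged_spam": 0, "clean": 0,
             "spam_scores": [], "rules": Counter()}
    for line in lines:
        if REJECT.search(line):
            stats["rejected_at_smtp"] += 1
        elif (m := VERDICT.search(line)):
            if m.group(1) == "identified spam":
                stats["tagged_spam"] += 1
                stats["spam_scores"].append(float(m.group(2)))
            else:
                stats["clean"] += 1
        elif (m := RESULT.search(line)) and m.group(1) == "Y":
            stats["rules"].update(r for r in m.group(2).split(",") if r)
    return stats

def near_threshold(stats, required=5.0, margin=2.0):
    """Spam scores that only just crossed the threshold (borderline hits)."""
    return [s for s in stats["spam_scores"] if s - required <= margin]

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(s["rejected_at_smtp"], "rejected;", s["tagged_spam"], "tagged;", s["clean"], "clean")
    print("top rules on spam:", s["rules"].most_common(3))
    print("borderline spam scores:", near_threshold(s))
```

Run against a real log, each spamd result must be on a single line; the excerpt as archived here has been re-wrapped by the mail client.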



